802.1X - RADIUS - Chromebooks

When we built our wireless network in 2011 the best way to auth from Active Directory was to run through a radius proxy. It appears now that that is no longer needed in the 9.x controller. I have 2 domains, and I have been successfully authenticating directly from ldap and not radius proxy on my smaller domain.

Before I move my primary domain to direct ldap auth, I wanted to see if anyone else has set this up lately and can offer advice about doing away with radius proxy. In a 9.X environment, with AD auth, is there any reason to keep radius in the picture at all?

Also, I am planning on rolling out chromebooks that will be in a cart for student use. I want to get them to auth with 802.1X with their credentials. It is essential to be to make the login fast (avoid a portal login) and to have per user accounting (I have userid tagged to a firewall)

1 reply

If you use also the Extreme Networks NAC solution you can do it as I did at one of my customers. They had 2 complete different domains with NO trust between. Depending on the damain with the user logon we sent it via NAC rule matrix to the correct DC.